[OpenID] Logout Use Case
Andrew Arnott
andrewarnott at gmail.com
Sat Oct 3 04:34:10 UTC 2009
I don't see what multi-auth has to do with logging out. If the user clicks
"log out" at RP2, and the user logged into RP2 with OP1, then OP1 assists
the user in logging out of both RP1 and RP2 since OP1 sent a positive
assertion to those RPs. The detail that RP1 required positive assertions
from OP1 *and* OP2 to log the user in seems inconsequential. As soon as RP1
gets the "log out" assertion from the OP, it only has OP2 with a standing
positive assertion left, and therefore logs the user out. OP1 isn't ever
aware that OP2 existed.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Fri, Oct 2, 2009 at 9:06 PM, SitG Admin
<sysadmin at shadowsinthegarden.com>wrote:
> I don't understand how you can use an OP to log into an RP without the OP
>> being aware that it's sending that assertion.
>>
>
> Sure. But if you're using OP1 *and* OP2 to login at RP3 (say, via
> MultiAuth), then the user should be able to keep OP1 and OP2 unaware of each
> other; so, when RP4 (which only knows the user through OP1) tells the user
> to logout from all of OP1's sessions, it can only send the user to OP1; will
> OP1 also send the user to all the RP's it knows, just in case any of them is
> currently using MultiAuth with the user?
>
> -Shade
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20091002/d5526df8/attachment.htm>
More information about the general
mailing list